Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack. “Among the other critical bugs patched, system administrators are urged to immediately deploy fixes for a Remote Desktop Services remote code-execution vulnerability (CVE-2019-0708). The bug is notable for a number of reasons. One, it’s ‘wormable’ flaw and has the potential to be exploited in a fast-moving malware attack similar to WannaCry. As a testament to its potential for havoc, Microsoft has also gone the extra step in deploying patches to Windows XP and Windows 2003 for the bug, neither of which is still supported via monthly Patch Tuesday updates.”

BetaNews: Micropatch now available for Internet Explorer security hole

BetaNews: Micropatch now available for Internet Explorer security hole. “Through its 0patch platform, ACROS Security is making the micropatch available to Windows users who are concerned about the security of Internet Explorer. While there are likely to be concerns voiced about installing a security patch from a third party, there are two things to consider here.”

BetaNews: April’s Patch Tuesday updates are causing Windows to freeze

BetaNews: April’s Patch Tuesday updates are causing Windows to freeze. “If you installed the latest batch of patches from Microsoft this week and found that your computer started to freeze up or fail to boot, you are not alone. The problem is affecting Windows 7, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, and stems from a compatibility issue with antivirus software.”

Krebs on Security: Patch Tuesday, March 2019 Edition

Krebs on Security: Patch Tuesday, March 2019 Edition. “Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.”

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”

Patch Tuesday: Here’s what’s new for Windows 7 and Windows 8.1 (Neowin)

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and Windows 8.1. “It’s the second Tuesday of the month, and that means it’s time for Patch Tuesday updates. As usual, today’s cumulative updates are heading out to all supported versions of Windows. These include Windows 10 and all older versions of Windows that are still supported. That list includes Windows 7 and its corresponding server version, Windows Server 2008 R2 SP1, Windows 8.1 and Server 2012 R2, and the original Windows Server 2012.”

ZDNet: Recently patched Ubuntu needs another quick patch

ZDNet: Recently patched Ubuntu needs another quick patch. “Sometimes when I fix things around my house I end up causing more problems. Software developers are the same way. Last week, Canonical’s Ubuntu developers fixed over 10 security bugs in Ubuntu 18.04… But, as it turned out, it introduced at least two other bugs.”